CVE-2024-5033

Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1

Description: The issue concerns a lack of CSRF check in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations: For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to areas where the CSRF check is missing and ensure proper sanitization and escaping of user input to minimize the risk of exploitation.